Technical Field
This disclosure relates generally to enabling users on a client system to access files over a network using network protocols.
Background of the Related Art
Network File System (NFS) is a standards-based distributed file system protocol that allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed. In particular, it is a mechanism that allows users to access files and directories located on remote computers and to treat those files and directories as if they were local. For example, users can use operating system or other commands to create, remove, read, write, and set file attributes for remote files and directories. An NFS software package typically includes commands and daemons for NFS and other services. NFS provides its services through a client-server relationship.
Many web applications (e.g., web servers, wikis, software libraries, and the like) serve files. Web-based file access also typically is client-server based. Typically, the client-server interaction involves HTTP, HTTPS or other transport such as Simple Object Access Protocol (SOAP) over HTTP, FTP, REST, or others. Often, it is desired to “secure” files or other resources that may be accessible over the Web. Where secure web-based access is required, a web portal or the like may be implemented to provide authorization and access control services for web resources. In a typical enterprise-based operating environment, a high performance, multi-threaded web server manages access to one or more web servers and provides authentication and authorization services. This allows the enterprise to centrally control its web resources as a single, logical web space.
It would be useful for client computers to be able to access web-based files through the NFS protocol. This would provide “local” file access to the remote files that are otherwise accessible, e.g., via a web portal or the like. A problem, however, is that web applications accessible through the portal typically use web-based authentication mechanisms (e.g., OAuth, Basic Authentication, form-based authentication, digest-based authentication, among others) to drive file access authorization; NFS, in contrast, typically provides authorization (and, in particular, permissions) based on an Internet Protocol (IP) address of the client system that accesses the NFS server, together with an identifier (ID) of the user accessing the file on the client system. The ID usually is the user's identity on the client machine. These authorization mechanisms, however, are incompatible with one another. In particular, the client machines (from which NFS-based access would be desired) are often located in private IP address domains or behind network firewalls. As such, typically the IP addresses of those machines cannot propagate over the wide area network (required for web-based remote access). Moreover, often the client machines are used by multiple users, each of whom may work on the machine under different authorization constraints. A further complication is that NFS implementations do not provide adequate support to enable system-based authentication across a wide area network.
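The mismatch described above can be seen in a small model, added here as an illustration and not taken from the disclosure or from any NFS implementation. All names, addresses, user IDs, tokens and policy tables are constructed assumptions; the sketch only contrasts a decision keyed on source IP plus client-side user ID with one keyed on a web-authenticated identity.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy data for this sketch; none of it comes from the disclosure.
NAT_PUBLIC_IP = "203.0.113.7"   # the one address the firewall presents outward
EXPORTS = {"/export/docs": (ipaddress.ip_network("203.0.113.0/24"), {1001})}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}   # web-authenticated users
WEB_ACL = {"alice": {"/export/docs"}}                 # the application's own rules


@dataclass(frozen=True)
class Request:
    source_ip: str  # address the server observes
    uid: int        # the user's identity on the client machine
    path: str


def as_seen_by_server(private_ip, uid, path):
    """A client in a private address domain reaches the server via the firewall,
    so its own address is replaced by the firewall's public one."""
    if not ipaddress.ip_address(private_ip).is_private:
        raise ValueError("expected a private client address")
    return Request(NAT_PUBLIC_IP, uid, path)


def nfs_style_allow(req):
    """Permit when the source address and client-side user ID match the export."""
    rule = EXPORTS.get(req.path)
    if rule is None:
        return False
    network, uids = rule
    return ipaddress.ip_address(req.source_ip) in network and req.uid in uids


def web_style_allow(token, path):
    """Permit when the authenticated web identity is authorized for the path."""
    user = SESSIONS.get(token)
    return user is not None and path in WEB_ACL.get(user, set())


if __name__ == "__main__":
    alice = as_seen_by_server("10.0.0.5", 1001, "/export/docs")
    bob = as_seen_by_server("10.0.0.9", 1001, "/export/docs")  # other host, same local uid
    print("server can tell them apart:", alice != bob)
    print("NFS-style:", nfs_style_allow(alice), nfs_style_allow(bob))
    print("web-style:", web_style_allow("tok-alice", "/export/docs"),
          web_style_allow("tok-bob", "/export/docs"))
```

Two users on different private hosts arrive as the same (address, ID) pair, so the address-based check cannot apply the per-user rule that the web application enforces.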
There remains a need to provide a mechanism that will allow users on a client system to access files secured by a web application using NFS and in a manner that is consistent with the application's authorization rules.